WordPress Plugin Vulnerabilities

SEO Redirection < 2.9 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability in its settings page, via the search GET parameter

Proof of Concept

Affects Plugins

Plugin icon
seo-redirection
Fixed in 2.9

References

URL
http://cinu.pl/research/wp-plugins/mail_7d3659e7efb87bb85ac0bc406a6424ee.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
df918e9d-3019-4355-9829-1bc120f2c6a0

Timeline

Publicly Published
2015-08-21 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2021-01-29 (about 5 years ago)

Other

Published
Title
Published
2022-01-10
Title
Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting
Published
2023-10-23
Title
Very Simple Google Maps < 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-03-24
Title
WP Colorful Tag Cloud <= 2.0.1 - Reflected Cross-Site Scripting
Published
2021-12-06
Title
Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting
Published
2025-12-26
Title
Popping Sidebars and Widgets Light <= 1.27 - Authenticated (Administrator+) Stored Cross-Site Scripting